As mentioned in the LAN section of this forum I am moving away from a completely flat L2 network to a segmented network using VLAN's in multiple buildings.
So for my implementation I envisage per building:
Administration VLAN etc.
So essentially a geographical segmentation...
Now I am being asked to look into wireless to bolt onto this network and was wondering how it was done? For example do people stretch a single VLAN across their entire site and allocate a large network (/22 etc)... or do people carry on the wired methodology and create VLAN's per building such as:
•Wired VLANs are localized per building (use of unique VLAN-IDs per building). •Layer 3 policies are implemented on all VLANs to prevent users from accessing critical applications such as network management servers, and so on.
However I do not understand this part:
Note: In this deployment scenario, VLANs are localized per building with user group mapping to wired VLAN-IDs different for each building. In order to enable users to access the WLAN from anywhere on campus, SSID access control is recommended rather than fixed VLAN-ID assignments.
An SSID is mapped generally mapped to a dynamic interface which is mapped to a VLAN.
It's a good start to start with creating SSIDs based on your needs users/voice/guests
2)voice (if applicable)
3)guest (if applicable)
==> Each SSID/WLAN has some properties you can specify (authentication method/Qos requirements....)
Your design depends on the # APs, location AP, # WLCs, remote sites with WLC, ...
Considering a campus with 1 or 2 WLCs -
it's perfect possible to use a /22 for the SSID corporate users. This because broadcasting is disabled bydefault on the wlan + the vlan is not stretched across the LAN. The vlan only exists between the WLC and the first L3 hop- and not at the access switches.
An SSID guest could be mapped for example to a dynamic interface with an unrouted vlan which ends on the firewall.
(An SSID is mapped to a VLAN via a dynamic interface)
There isn't necesarrily any need to segment wireless LANs off like wired ones, and the approach we take at my workplace is wirless LAN segmented by function, so we do have a couple wirelss networks spanning several buildings, and no problems because of it.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...